← Back to Skills Marketplace
tiger-xzp

security plugins

by tank · GitHub ↗ · v1.0.21 · MIT-0
cross-platform ⚠ suspicious
205
Downloads
0
Stars
0
Active Installs
14
Versions
Install in OpenClaw
/install senpub
Description
Install and configure the security-related plugins required by OpenClaw, including the `ai-assistant-security-openclaw` plugins. Use this skill when you want...
Usage Guidance
This skill is an installer script that will contact external endpoints (embedded domains), create and store a local device id, write login state under a .state directory, and update the local OpenClaw plugin configuration (including writing ApiKey/AppId) and restart the OpenClaw gateway. Before installing: (1) verify the service domains and the package owner (no homepage/owner metadata is provided here), (2) inspect the bundled scripts (bundle.cjs) yourself or run in an isolated/staging VM, (3) back up existing OpenClaw config and plugin directories, (4) be aware credentials may appear transiently in process arguments and logs so check local audit/logging policies, and (5) if you proceed, monitor network traffic and consider rotating any issued keys after testing. If you are not sure you trust the external endpoints or cannot validate the publisher, treat this as untrusted code and do not run it on production hosts.
Capability Analysis
Type: OpenClaw Skill Name: senpub Version: 1.0.21 The ClawSentry skill bundle is designed to install and configure a security plugin by executing a minified Node.js script (scripts/bundle.cjs). This script performs network requests to external domains (clawsentry.cn) to manage authentication tokens and uses shell commands to modify the local OpenClaw configuration and restart services. While the behavior is transparently documented in SKILL.md and aligns with the stated purpose of a security installer, the use of minified code, background process spawning for credential polling, and direct shell execution for configuration updates are high-risk behaviors that warrant a suspicious classification.
Capability Tags
crypto
Capability Assessment
Purpose & Capability
The name/description match the actual operations: the bundle script installs/cleans/updates the ai-assistant-security-openclaw plugin, updates OpenClaw config, and restarts the gateway. The external API endpoints embedded in the bundle are consistent with a login/token flow for the plugin. The lack of homepage/author metadata reduces provenance but does not contradict purpose.
Instruction Scope
SKILL.md instructs the agent/user to run the included Node script which: creates a local device id, polls an external login API, writes login state under .state/, installs/updates plugin config via the local openclaw CLI, and restarts openclaw gateway. These steps stay within the installer’s scope but include high-impact host actions (removing plugin dirs, writing credentials into config, restarting services) and transient exposure of credentials in process args/logs (which the SKILL.md itself calls out).
Install Mechanism
No external install spec — the script is bundled in the skill (bundle.cjs). The script makes HTTPS calls to embedded domains but does not download arbitrary code at runtime. Executing a bundled Node script that runs shell commands is expected for an installer, but it is still executing code on the host, so verify the bundle before running.
Credentials
The skill requests no environment variables or unrelated credentials. It does, however, read/write local plugin configuration and will persist ApiKey/AppId into OpenClaw's plugin config after authorization — which is necessary for its stated function but is sensitive and should be expected by the user.
Persistence & Privilege
always:false and agent-autonomy defaults are OK. The installer intentionally modifies OpenClaw configuration, removes plugin directories, and restarts the OpenClaw gateway — these are high-privilege host changes but are coherent with an installer. There is no evidence it attempts to persist outside its own config/state paths beyond updating OpenClaw plugin settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install senpub
  3. After installation, invoke the skill by name or use /senpub
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.21
No changes detected in this version. - Version 1.0.21 does not include any file changes or user-facing updates.
v1.0.20
Version 1.0.20 of the ClawSentry skill - No file or documentation changes detected in this release. - All instructions, use cases, and privacy notes remain unchanged. - No new features, fixes, or updates were introduced in this version.
v1.0.19
No visible changes in this release (1.0.19); the SKILL.md file remains unchanged. - No updates or modifications detected in this version.
v1.0.18
No functional changes; SKILL.md updated for more detailed privacy and operational information. - Expanded Data & Privacy section to clarify login state persistence, credential handling, and host process exposure. - Documented inclusion of `ApiKey` and `AppId` in config and polling logs after authorization. - Clarified usage of local `openclaw` CLI for configuration and service restart. - Updated local files and host changes sections for more accurate descriptions.
v1.0.17
No functional code changes in this version; documentation expanded for transparency and clarity. - Added Data & Privacy section outlining how device identifiers are handled and what information is sent externally. - Described external network targets and the purpose of outgoing HTTPS requests. - Detailed local files created or modified by the install script. - Clarified changes made to the host via OpenClaw CLI operations. - No file or code changes detected; content updates limited to SKILL.md documentation.
v1.0.16
No functional changes in this version. - Documentation in SKILL.md has been significantly condensed and simplified. - All technical and background details about script operations, network endpoints, file operations, data collection, security measures, and installation risks have been removed. - The focus is now on basic use cases and clear step-by-step usage instructions.
v1.0.15
- Initial release of ClawSentry skill to install and configure security plugins for OpenClaw, including `ai-assistant-security-openclaw`. - Bundled script fully automates plugin installation, login token generation, and updates configuration upon successful login. - Stores login state and monitoring logs locally, with all communication and sensitive data encrypted. - Details security risks, operational transparency, and manual verification steps to ensure safe installation. - Usage instructions provided for both automated and manual setup scenarios.
v1.0.6
- Updated API endpoints to use fully qualified HTTPS URLs for login token creation and status checking. - No functional code changes; documentation improved to clarify exact remote endpoints used. - Ensures greater transparency regarding network communications and remote interactions.
v1.0.5
No user-visible changes in this version. - Version 1.0.5 released with no detected file changes.
v1.0.4
No user-visible changes in this release. - Version 1.0.4 released with no file changes detected.
v1.0.3
No user-visible changes in this release. - Version updated to 1.0.3 with no file changes detected. - No functional or documentation updates from the previous version.
v1.0.2
No user-facing changes in this release. - Internal version bump to 1.0.2. - No modifications detected in skill files or documentation.
v1.0.1
Version 1.0.1 - Expanded documentation in SKILL.md for greater transparency about script functionality and third-party dependencies. - Added a detailed "Script Source" section to clarify the origin and contents of the bundled script. - Included explicit risk considerations, including notes on possible arbitrary code execution. - Enhanced verification and safety instructions for users prior to script execution. - Provided an alternative manual installation path for cautious users. - No code changes; documentation only.
v1.0.0
Initial release of ClawSentry for OpenClaw. - Installs and configures the ai-assistant-security-openclaw plugin in one step. - Automates device fingerprint creation and secure login token management. - Handles login status monitoring with background process and logs activity. - Updates plugin configuration with encrypted API keys on successful login. - Stores all sensitive and operational data securely within the .state directory. - Includes clear usage instructions and security considerations.
Metadata
Slug senpub
Version 1.0.21
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 14
Frequently Asked Questions

What is security plugins?

Install and configure the security-related plugins required by OpenClaw, including the `ai-assistant-security-openclaw` plugins. Use this skill when you want... It is an AI Agent Skill for Claude Code / OpenClaw, with 205 downloads so far.

How do I install security plugins?

Run "/install senpub" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is security plugins free?

Yes, security plugins is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does security plugins support?

security plugins is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created security plugins?

It is built and maintained by tank (@tiger-xzp); the current version is v1.0.21.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments